Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa
File:                     AS7488.roa (raw, json)
Hash identifier:          pAc3RWP+b0KAvGodsaXOH/13DrZNO9bzG2Rfn78xeXI=
Subject key identifier:   FA:D4:99:75:2D:48:73:8E:53:D2:5B:E8:83:5E:09:CB:96:BA:4B:D6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7BD543E75278BCF5F4B9BC795BB8B6CDDA084A61
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa
Signing time:             Mon 25 May 2026 10:22:51 +0000
ROA not before:           Mon 25 May 2026 10:17:51 +0000
ROA not after:            Mon 24 May 2027 10:22:51 +0000
asID:                     7488
IP address blocks:        82.39.120.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d5:43:e7:52:78:bc:f5:f4:b9:bc:79:5b:b8:b6:cd:da:08:4a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 25 10:17:51 2026 GMT
            Not After : May 24 10:22:51 2027 GMT
        Subject: CN=FAD499752D48738E53D25BE8835E09CB96BA4BD6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5e:bd:d0:4f:d5:5f:71:d5:9f:37:33:0d:43:
                    a0:b4:6d:1a:f2:56:06:6d:41:00:7d:84:2b:a8:0b:
                    b4:ab:80:6e:0b:95:a4:66:aa:ea:fd:ec:b7:05:7e:
                    df:71:80:f6:c8:bb:74:3d:42:c9:4c:de:0b:3f:4f:
                    ac:c0:b5:aa:0c:83:38:2a:73:5a:10:38:d2:89:37:
                    f9:64:52:f9:e1:ef:4d:7d:e6:aa:0b:74:05:e3:fd:
                    27:67:a4:c4:ac:e5:04:67:81:27:99:0b:eb:f0:87:
                    11:4d:6d:08:f4:cf:f3:c0:a5:18:6d:39:63:fa:3d:
                    20:ed:5b:a1:6e:8c:90:73:e5:6d:43:c2:22:fa:44:
                    92:f9:b1:27:e9:c3:20:22:0b:48:cf:3a:1f:04:04:
                    b7:e7:d1:b4:78:f4:33:ed:5f:82:8f:8a:9f:ae:89:
                    62:e4:50:e2:1d:0b:6b:7d:d3:78:c9:01:d1:48:e6:
                    87:26:49:5b:b6:e3:50:83:ff:a5:63:76:05:c7:b9:
                    65:86:f3:14:7f:f9:39:ff:3d:59:4b:be:4f:19:6a:
                    41:e1:c7:f7:2e:2e:3f:83:21:1f:a9:c7:d0:1f:4f:
                    af:8c:8e:65:21:84:f2:3a:d4:bf:de:f9:b8:6e:08:
                    c3:8b:d5:85:54:f8:59:58:a9:93:1f:2b:7c:f4:36:
                    89:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D4:99:75:2D:48:73:8E:53:D2:5B:E8:83:5E:09:CB:96:BA:4B:D6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3c:31:24:73:15:65:30:d6:7b:ca:bd:cc:e8:8b:6a:7d:d7:cd:
         9d:72:53:d9:b7:b8:d5:7c:c3:9f:d9:30:e9:01:93:a7:6b:88:
         79:78:01:86:f6:20:47:50:88:26:64:a3:09:84:76:b5:f6:2c:
         30:2f:fd:87:f8:d8:5f:4b:24:df:20:69:0c:c6:cb:d2:d4:47:
         6b:c1:db:74:52:51:21:f6:e6:2c:a5:a7:8d:14:a6:0c:ec:0b:
         31:c3:83:70:19:a1:d5:3e:b6:84:ee:f2:ed:71:46:cc:87:3e:
         60:4a:d0:a1:a5:b2:b8:8a:66:dd:69:9f:5e:9b:ff:42:a2:e4:
         a2:d3:cf:74:cd:01:e5:7b:9c:f8:fe:e2:f5:9f:34:db:95:1d:
         de:44:eb:ec:9b:9a:a5:af:8d:c5:64:3d:7d:0b:08:1d:6e:db:
         c3:69:7f:cc:9d:c5:30:42:95:16:07:78:ca:45:22:40:f6:2c:
         b8:ac:c4:55:df:56:f0:06:a6:28:d0:cc:7b:e4:c1:13:9e:55:
         94:9d:38:59:61:6b:72:ed:ce:3f:de:a4:c1:06:34:a7:8b:19:
         77:42:46:2a:e9:49:2c:df:c2:7c:a5:e2:6d:e3:bc:08:00:43:
         65:f8:22:a5:9c:b0:2a:59:f4:2d:ef:47:ab:96:d1:96:d6:b1:
         61:66:6a:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUe9VD51J4vPX0ubx5W7i2zdoISmEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MjUxMDE3NTFaFw0yNzA1MjQxMDIyNTFaMDMxMTAvBgNV
BAMTKEZBRDQ5OTc1MkQ0ODczOEU1M0QyNUJFODgzNUUwOUNCOTZCQTRCRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBXr3QT9VfcdWfNzMNQ6C0bRry
VgZtQQB9hCuoC7SrgG4LlaRmqur97LcFft9xgPbIu3Q9QslM3gs/T6zAtaoMgzgq
c1oQONKJN/lkUvnh70195qoLdAXj/SdnpMSs5QRngSeZC+vwhxFNbQj0z/PApRht
OWP6PSDtW6FujJBz5W1DwiL6RJL5sSfpwyAiC0jPOh8EBLfn0bR49DPtX4KPip+u
iWLkUOIdC2t903jJAdFI5ocmSVu241CD/6VjdgXHuWWG8xR/+Tn/PVlLvk8ZakHh
x/cuLj+DIR+px9AfT6+MjmUhhPI61L/e+bhuCMOL1YVU+FlYqZMfK3z0NolhAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU+tSZdS1Ic45T0lvog14Jy5a6S9YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNzQ4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1IneDAN
BgkqhkiG9w0BAQsFAAOCAQEAPDEkcxVlMNZ7yr3M6ItqfdfNnXJT2be41XzDn9kw
6QGTp2uIeXgBhvYgR1CIJmSjCYR2tfYsMC/9h/jYX0sk3yBpDMbL0tRHa8HbdFJR
IfbmLKWnjRSmDOwLMcODcBmh1T62hO7y7XFGzIc+YErQoaWyuIpm3WmfXpv/QqLk
otPPdM0B5Xuc+P7i9Z8025Ud3kTr7Juapa+NxWQ9fQsIHW7bw2l/zJ3FMEKVFgd4
ykUiQPYsuKzEVd9W8AamKNDMe+TBE55VlJ04WWFrcu3OP96kwQY0p4sZd0JGKulJ
LN/CfKXibeO8CABDZfgipZywKln0Le9Hq5bRltaxYWZqLw==
-----END CERTIFICATE-----